Reaction on “Heartbleed”: Working Together to Mitigate Cybersecurity Vulnerabilities

Information sharing is a key part of the Department of Homeland Security’s (DHS) important mission to create shared situational awareness of potential cybersecurity vulnerabilities. DHS, through our National Cybersecurity & Communications Integration Center (NCCIC), actively collaborates with public and private sector partners every day to make sure they have the information and tools they need to protect the systems we all rely on.

When a cybersecurity industry report was published three days ago about a vulnerability known as “Heartbleed” – affecting websites, email, and instant messaging – that can potentially impact internet logins and personal information online by undermining the encryption process, the Department’s U.S.-Computer Emergency Readiness Team (US-CERT) immediately issued an alert to share actionable information with the public and suggested mitigation steps. Subsequently, our Industrial Control System-Cyber Emergency Response Team (ICS-CERT) published information and reached out to vendors and asset owners to determine the potential vulnerabilities to computer systems that control essential systems – like critical infrastructure, user-facing, and financial systems. The National Coordinating Center for Communications (NCC) also provided situational awareness to communications sector partners for their review and action. Importantly, the Federal government’s core citizen-facing websites are not exposed to risks from this cybersecurity threat. We are continuing to coordinate across agencies to ensure that all Federal government websites are protected from this threat.

While there have not been any reported attacks or malicious incidents involving this particular vulnerability confirmed at this time, it is still possible that malicious actors in cyberspace could exploit unpatched systems. That is why everyone has a role to play in ensuring our nation’s cybersecurity. We have been working, and continue to work, closely with federal, state, local and private sector partners to determine any potential impacts and help implement mitigation strategies as necessary.

Today we’re also sharing some tips on steps you can take to protect your own personal cybersecurity and information online:

Many commonly used websites are taking steps to ensure they are not affected by this vulnerability and letting the public know. Once you know the website is secure, change your passwords.

Closely monitor your email accounts, bank accounts, social media accounts, and other online assets for irregular or suspicious activity, such as abnormal purchases or messages.

After a website you are visiting has addressed the vulnerability, ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the “s”, as it means secure.

Cybersecurity is a shared responsibility and when we take steps to ensure our own cyber safety, we are also helping to create a safer Internet for others.